Commands used for testing system behaviour

In order to test the feature, we will modify the system, and it will change how tools behave.

Preparation

Please use a fresh Firefox profile (firefox -P) prior to a each new test cycle. This is to make sure that changes made to CA trust settings from earlier tests will be cleaned, and that you will get the exact behaviour as described on this page. An alternative to creating a fresh profile, quit Firefox and run

In our earlier tests, we have added (1) to the systemwide configuration.

The server at test9431.kuix.de:9431 uses a certificate that was issued by (3).

A root CA (1) might have issued a SUB CA that got compromised at a later time, and operating systems might add configuration to distrust it. The default system configuration that we use in Fedora 19 knows about (2) and actively distrusts it. Now that we have told the system to trust (1), we can verify if the software respects the configuration to correctly distrust (2). For this purpose, we use an additional test site at test9430.kuix.de:9430, which uses a certificate issued by (2).

Confirm that blacklisted site gets rejected

HOST: test9430.kuix.de
PORT: 9430

{The only application passing this test correctly is Firefox. Fixing other applications and crypto toolkits to pass this test is outside the scope of this Fedora feature.}

Red Hat, Red Hat Enterprise Linux, the Shadowman logo, and JBoss are trademarks or registered trademarks of
Red Hat, Inc. or its subsidiaries in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
The Fedora Project is maintained and driven by the community and sponsored by Red Hat. This is a community
maintained site. Red Hat is not responsible for content.